@ -18,17 +18,21 @@ Wallets contain keys, not coins. The coins are stored on the blockchain, in the
Your bitcoin wallet contains a collection of key pairs, each consisting of a private key and a public key.
In the most simple form, the private key is a 256-bit number picked at random. The private key be used to create a corresponding public key. The public key can then be converted into a +bitcoin address+, which is shared with anyone who we want to send us bitcoin. Ownerhsip and control over the private key is the root of user control over all funds associated with the corresponding bitcoin address.
==== Private Keys
==== A Private Key
In the most simple form, the +private key+ is a number. The private key be used to create a corresponding +public key+. The public key can then be converted into a +bitcoin address+, which is shared with anyone who we want to send us bitcoin. Ownerhsip and control over the private key is the root of user control over all funds associated with the corresponding bitcoin address.
A private key is a 256-bit number. To create one, we just pick a 256-bit random number. In programming terms, this is usually achieved by feeding a larger string of random numbers, collected from a cryptographically-secure source of randomness, into the SHA-256 hash algorithm which will conveniently produce a 256-bit number.
===== Generating a private key from a random number
A private key is a number, between +1+ and +n - 1+ where +latexmath:[\(\n ~= 1.158 * 10^77\)]+ is the order of the elliptic curve used in bitcoin (See <<secp256k1>>). To create such a key, we just pick a 256-bit random number, and check that it is less than +n - 1+, or pick another random number and check again, until we get one less than +n - 1+. The constant +n+ is defined in any elliptic curve cryptography library. In programming terms, this is usually achieved by feeding a larger string of random bits, collected from a cryptographically-secure source of randomness, into the SHA-256 hash algorithm which will conveniently produce a 256-bit number.
[TIP]
====
Do not try and design your own random number generator (RNG). Use a cryptographically-secure RNG with a seed from a source of sufficient entropy. A good source of entropy is operating-system dependent. Correct implementation of the RNG is critical to the security of the keys. DIY is highly discouraged unless you are a professional cryptographer.
Do not try and design your own pseudo random number generator (PRNG). Use a cryptographically-secure (CSPRNG) with a seed from a source of sufficient entropy, the choice of which which depends on you operating-system. Correct implementation of the CSPRNG is critical to the security of the keys. DIY is highly discouraged unless you are a professional cryptographer.
====
Below, is a randomly generated private key shown in hexadecimal format (256 binary digits, or bits is shown as 64 hexadecimal digits, each 4-bits):
The public key is calculated from the private key using elliptic curve multiplication, which is irreversible: +latexmath:[\(\K = k * G\)]+ where +k+ is the private key, +G+ is a constant and +K+ is the resulting public key. The reverse (division), or calculating +k+ if you know +K+ is as difficult as trying all possible values of +k+, ie a brute-force search.
The public key is calculated from the private key using elliptic curve multiplication, which is irreversible: +latexmath:[\(\K = k * G\)]+ where +k+ is the private key, +G+ is a constant point called the _Generator Point_ and +K+ is the resulting public key. The reverse (division), or calculating +k+ if you know +K+ is as difficult as trying all possible values of +k+, ie a brute-force search.
The public key is a point on the elliptic curve, and consists of a pair of coordinates +(x,y)+, normally represented by a 512-bit number with the added prefix +04+.
Here's the public key generated by the private key we created above, shown as the coordinates +(x,y)+
.Public Key K defined as a point +K = (x,y)+
----
x = 32 5D 52 E3 B7 ... E5 D3 78
y = 7A 3D 41 E6 70 ... CD 90 C2
----
Here's the same public key shown as a 512-bit number (130 hex digits) with the prefix +04+ followed by +x+ and then +y+
.Uncompressed Public Key K shown in hex as +04 x y+
----
K = 04 32 5D 52 E3 B7 ... CD 90 C2
----
The +y+ coordinate can be deduced from the +x+ coordinate, since they both lie on the same curved line defined by the elliptic curve equation. This makes it possible to store the public key _compressed_, with the +y+ ommitted. A +compressed public key+ has the prefix +02+ if the +y+ is above the x-axis, and +03+ if it is below the x-axis, allowing the software to calculate it from +x+.
Here's the same public key above, shown as a +compressed public key+ stored in 264-bits (66 hex digits) with the prefix +02+ indicating the +y+ coordinate has a positive sign:
.Compressed Public Key K shown in hex as +K = {02 or 03} x+
Andreas M. Antonopoulos
10 years ago